Michael D. | 23.02.2015 11:02 | Ist alles erledigt. Kasperksy zeigt mir als Bedrohung immer noch db101.exe an. Habe das bislang ignoriert und bin nur deinen Anweisungen gefolgt.
Hier die Logs: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 23.02.2015
Suchlauf-Zeit: 10:35:50
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.23.02
Rootkit Datenbank: v2015.02.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael *****
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341297
Verstrichene Zeit: 5 Min, 17 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
Adware.Adpeak, C:\Program Files\003\xmkysecqun64.exe, 1880, Löschen bei Neustart, [bf1ffa27a5e5e5517e30414eb352b14f]
PUP.Optional.Adpeak.A, C:\Program Files\003\xmkysecqun64.exe, 1880, Löschen bei Neustart, [b12d60c1cdbdae8882d6f52b996c31cf]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 8
Adware.Adpeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun64, In Quarantäne, [bf1ffa27a5e5e5517e30414eb352b14f],
PUP.Optional.Adpeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun64, In Quarantäne, [b12d60c1cdbdae8882d6f52b996c31cf],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [f9e5968b602ae452ab029f1f887b9e62],
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, In Quarantäne, [fbe35ac722685ed884087d3b857efd03],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}, In Quarantäne, [1fbf6fb2cfbb989ee700ad16bc4742be],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-302807095-1748037827-381501272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupraSavings, In Quarantäne, [637b43de8dfda195aa57bf15d42fae52],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-302807095-1748037827-381501272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [f4ea839e9bef0f273ad461724bb86f91],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-302807095-1748037827-381501272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, In Quarantäne, [a63891905b2fe84e23dfcf05659e57a9],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 7
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.Adpeak.A, C:\Program Files\003, Löschen bei Neustart, [b12d60c1cdbdae8882d6f52b996c31cf],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SystemSpeedup, C:\Users\Michael *****\AppData\Roaming\systweak\ssd, In Quarantäne, [98467fa2236774c223f13a39897a6c94],
Dateien: 42
Adware.Adpeak, C:\Program Files\003\xmkysecqun64.exe, Löschen bei Neustart, [bf1ffa27a5e5e5517e30414eb352b14f],
PUP.Optional.Systweak, C:\Users\Michael *****\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [459931f0f7933ff7736a898ea062669a],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [de009f82e4a63ef8b63488b5f10fac54],
PUP.Optional.BundleInstaller.A, C:\Users\Michael *****\AppData\Local\Temp\n8160\s8160.exe, In Quarantäne, [a836b56cdeacb086a453d770a25ee61a],
PUP.Optional.SupraSavings.A, C:\Users\Michael *****\AppData\Local\Temp\n8160\suprasavings_2703-e3e04064.exe, In Quarantäne, [8a5472af4e3c60d66e29d21319e9ee12],
PUP.Optional.Babylon, C:\Users\Michael *****\AppData\Local\Temp\n8160\systemspeedup_1203-72c8223c.exe, In Quarantäne, [ecf20021dab05ed874bb58741be6b14f],
PUP.Optional.BundleInstaller.A, C:\Users\Michael *****\AppData\Local\Temp\n7373\s7373.exe, In Quarantäne, [b12d1a07e6a4d0663bbc380f23dd4cb4],
PUP.Riskware.Patcher, C:\Users\Michael *****\AppData\Local\Temp\Rar$EXa0.301\BRD\Patch.exe, In Quarantäne, [b5291d042c5eef4739c5d257d22f8a76],
PUP.Riskware.Patcher, C:\Users\Michael *****\AppData\Local\Temp\Rar$EXa0.597\BRD\Patch.exe, In Quarantäne, [28b666bbdab0e74f5da171b8ed14966a],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [16c86fb2b2d8af87f56abedfa45ff010],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Michael *****\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [6777b76a6426a096cc93faa3e71c3bc5],
PUP.Optional.Adpeak.A, C:\Program Files\003\xmkysecqun64.exe, Löschen bei Neustart, [b12d60c1cdbdae8882d6f52b996c31cf],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\background.js, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\CustomActionInstall, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\CustomActionUninstall, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon128.png, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon16.png, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon32.png, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon48.png, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon64.png, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon8.png, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\iwalyk.js, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\manifest.json, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\marcopolo.js, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\SendJson.dll, In Quarantäne, [aa34b46d7e0c2e08365b3f231fe4e41c],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end) Code:
# AdwCleaner v4.111 - Bericht erstellt 23/02/2015 um 10:48:38
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 Pro (x64)
# Benutzername : Michael ***** - MICHAEL-LAPTOP
# Gestarted von : C:\Users\Michael *****\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\MICHAE~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Michael *****\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B501B6E56F182443979D1DFA8309BD4
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v35.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [3458 Bytes] - [23/02/2015 10:47:28]
AdwCleaner[S0].txt - [3227 Bytes] - [23/02/2015 10:48:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3286 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x64
Ran by Michael ***** on 23.02.2015 at 10:53:17,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-302807095-1748037827-381501272-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Michael *****\AppData\Roaming\mozilla\firefox\profiles\qkz5ovv2.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.02.2015 at 10:55:04,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Michael ***** (administrator) on MICHAEL-LAPTOP on 23-02-2015 10:55:50
Running from C:\Users\Michael *****\Desktop
Loaded Profiles: Michael ***** (Available profiles: Michael *****)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Dropbox, Inc.) C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-302807095-1748037827-381501272-1001\...\Run: [GoogleContactSync] => C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe [902144 2013-01-08] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
HKU\S-1-5-21-302807095-1748037827-381501272-1001\...\RunOnce: [Uninstall C:\Users\Michael *****\AppData\Local\Microsoft\OneDrive\17.3.4713.0209] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael *****\AppData\Local\Microsoft\OneDrive\17.3.4713.0209"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Michael *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk
ShortcutTarget: Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael *****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-302807095-1748037827-381501272-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} https://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1559832739
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Michael *****\AppData\Roaming\Mozilla\Firefox\Profiles\qkz5ovv2.default
FF Homepage: cortalconsors.de|hxxp://9gag.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael *****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Michael *****\AppData\Roaming\Mozilla\Firefox\Profiles\qkz5ovv2.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-21]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Michael *****\AppData\Roaming\Mozilla\Firefox\Profiles\qkz5ovv2.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-06-05]
FF Extension: High Definition Video - C:\Users\Michael *****\AppData\Roaming\Mozilla\Firefox\Profiles\qkz5ovv2.default\Extensions\hdv@vovcacik.addons.mozilla.org.xpi [2014-08-29]
FF Extension: ScrapBook - C:\Users\Michael *****\AppData\Roaming\Mozilla\Firefox\Profiles\qkz5ovv2.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-12-21]
FF Extension: Adblock Plus - C:\Users\Michael *****\AppData\Roaming\Mozilla\Firefox\Profiles\qkz5ovv2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-15]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-02-25] (Intel Corporation)
S1 ISODisk; C:\Windows\SysWow64\Drivers\ISODisk.sys [9600 2006-04-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 10:55 - 2015-02-23 10:55 - 00001500 _____ () C:\Users\Michael *****\Desktop\JRT.txt
2015-02-23 10:52 - 2015-02-23 10:52 - 01388274 _____ (Thisisu) C:\Users\Michael *****\Desktop\JRT.exe
2015-02-23 10:51 - 2015-02-23 10:51 - 00003410 _____ () C:\Users\Michael *****\Desktop\AdwCleaner[S0].txt
2015-02-23 10:47 - 2015-02-23 10:48 - 00000000 ____D () C:\AdwCleaner
2015-02-23 10:46 - 2015-02-23 10:46 - 02126848 _____ () C:\Users\Michael *****\Desktop\AdwCleaner_4.111.exe
2015-02-23 10:45 - 2015-02-23 10:46 - 00009777 _____ () C:\Users\Michael *****\Desktop\mbam.txt
2015-02-23 10:34 - 2015-02-23 10:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 10:33 - 2015-02-23 10:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michael *****\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-23 10:33 - 2015-02-23 10:33 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 10:33 - 2015-02-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 10:33 - 2015-02-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 10:33 - 2015-02-23 10:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 10:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 10:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-23 10:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-22 19:16 - 2015-02-22 19:16 - 00003476 _____ () C:\Users\Michael *****\Desktop\Gmert.log
2015-02-22 18:42 - 2015-02-23 10:55 - 00018997 _____ () C:\Users\Michael *****\Desktop\FRST.txt
2015-02-22 18:42 - 2015-02-22 19:21 - 00028086 _____ () C:\Users\Michael *****\Desktop\Addition.txt
2015-02-22 18:41 - 2015-02-23 10:55 - 00000000 ____D () C:\FRST
2015-02-22 18:40 - 2015-02-22 19:18 - 00000490 _____ () C:\Users\Michael *****\Desktop\defogger_disable.log
2015-02-22 18:40 - 2015-02-22 18:40 - 00000000 _____ () C:\Users\Michael *****\defogger_reenable
2015-02-22 18:39 - 2015-02-22 18:39 - 00380416 _____ () C:\Users\Michael *****\Desktop\Gmer-19357.exe
2015-02-22 18:37 - 2015-02-22 18:37 - 02087424 _____ (Farbar) C:\Users\Michael *****\Desktop\FRST64.exe
2015-02-22 18:37 - 2015-02-22 18:37 - 00050477 _____ () C:\Users\Michael *****\Desktop\Defogger.exe
2015-02-19 18:01 - 2015-02-19 18:01 - 00000000 ____D () C:\Users\Michael *****\Desktop\Neuer Ordner (3)
2015-02-19 17:59 - 2015-02-19 18:00 - 00000000 ____D () C:\Users\Michael *****\Desktop\Neuer Ordner (2)
2015-02-19 16:44 - 2015-02-19 17:16 - 00000000 ____D () C:\Users\Michael *****\Desktop\Neuer Ordner
2015-02-19 16:18 - 2015-02-23 10:50 - 00000000 ___DO () C:\Users\Michael *****\OneDrive
2015-02-19 15:37 - 2015-02-19 16:18 - 00000000 __RDO () C:\Users\Michael *****\OneDrive (7).old
2015-02-19 14:54 - 2015-02-19 15:37 - 00000000 __RDO () C:\Users\Michael *****\OneDrive (6).old
2015-02-19 14:41 - 2015-02-19 14:54 - 00000000 ___RD () C:\Users\Michael *****\OneDrive (5).old
2015-02-19 12:35 - 2015-02-19 14:41 - 00000000 __RDO () C:\Users\Michael *****\OneDrive (4).old
2015-02-19 12:18 - 2015-02-19 12:18 - 00003436 _____ () C:\Windows\System32\Tasks\START SKYDRIVE
2015-02-19 12:15 - 2015-02-19 12:35 - 00000000 __RDO () C:\Users\Michael *****\OneDrive (3).old
2015-02-19 11:24 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-19 11:24 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-18 14:13 - 2015-02-18 14:13 - 00000000 ____D () C:\Users\Michael *****\Documents\Outlook-Dateien
2015-02-14 17:27 - 2015-02-14 17:27 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
2015-02-14 17:10 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 17:10 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 17:10 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-14 17:10 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-14 17:09 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-14 17:09 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-14 17:09 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-14 17:09 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 17:09 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 17:09 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 17:09 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-14 17:09 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-14 17:09 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-14 17:09 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 17:09 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-14 17:09 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 17:09 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-14 17:09 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-14 17:09 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-14 17:09 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-14 17:09 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-14 17:09 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 17:09 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 17:09 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 17:09 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 17:09 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-14 17:09 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 17:09 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-14 17:09 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-14 17:09 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-14 17:09 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 17:09 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-14 17:09 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-14 17:09 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-14 17:09 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-14 17:09 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-14 17:09 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 17:09 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-14 17:09 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-14 17:09 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-14 17:09 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-14 17:09 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 17:09 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-14 17:09 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-14 17:09 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 17:09 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 17:09 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-14 17:09 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 17:09 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-14 17:09 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-14 17:09 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 17:09 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-14 17:09 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-14 17:09 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-14 17:09 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-14 17:09 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-14 17:09 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-14 17:09 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-14 17:09 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-14 17:09 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-14 08:41 - 2015-02-19 18:03 - 00000000 ____D () C:\Users\Michael *****\Desktop\Kamera md - Teil 2
2015-02-14 08:37 - 2015-02-14 08:54 - 00000000 ____D () C:\Users\Michael *****\Desktop\Kamera dd
2015-02-14 08:35 - 2015-02-14 08:36 - 00000000 ____D () C:\Users\Michael *****\Desktop\Handy dd
2015-02-14 08:32 - 2015-01-24 09:09 - 102446871 _____ () C:\Users\Michael *****\Desktop\20150124_100849.mp4
2015-02-14 08:29 - 2015-02-14 08:33 - 00000000 ____D () C:\Users\Michael *****\Desktop\Handy md
2015-02-06 15:41 - 2015-02-06 15:42 - 00000000 ____D () C:\Users\Michael *****\Desktop\Musik
2015-02-06 15:33 - 2015-02-06 15:41 - 00000000 ____D () C:\Users\Michael *****\Desktop\Comedy
2015-02-06 11:03 - 2015-02-06 11:03 - 00002962 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-02-06 11:03 - 2015-02-06 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-02-06 11:03 - 2015-02-06 11:03 - 00000000 ____D () C:\Program Files (x86)\QNAP
2015-01-29 19:11 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-29 19:11 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-29 19:11 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-29 19:11 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-29 19:11 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-29 19:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-29 19:11 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-29 19:11 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-29 19:11 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-29 19:11 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-29 19:11 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-29 19:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-29 19:11 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-29 19:11 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-29 19:11 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-29 19:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-29 19:11 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-29 19:11 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-29 19:11 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-29 19:11 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-29 19:11 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-29 19:11 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-29 19:11 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-29 19:11 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-29 19:11 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-29 19:11 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-29 19:11 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-29 19:11 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-29 19:11 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-29 19:11 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-29 19:11 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-29 19:11 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-29 19:11 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-29 19:11 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-29 19:11 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-29 19:11 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-29 19:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-29 19:11 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-29 19:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-29 19:11 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-29 19:11 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-29 19:11 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-29 19:11 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-29 19:11 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-29 19:11 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-29 19:11 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-29 19:11 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-29 19:11 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-29 19:11 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-29 19:11 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-29 19:11 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-29 19:11 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-29 19:11 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-29 19:11 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-29 19:11 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-29 19:11 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-29 19:11 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-29 19:11 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-29 19:11 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-29 19:11 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-29 19:11 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-29 19:11 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-29 19:11 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-29 19:11 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-29 19:11 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-29 19:11 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-29 19:11 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-29 19:11 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-29 19:11 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-29 19:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-29 19:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-29 19:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-29 19:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-29 19:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-29 19:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-29 19:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-29 19:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-29 19:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-29 19:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-29 19:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-29 19:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-29 19:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-29 19:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-29 19:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-29 19:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-29 19:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-29 19:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-29 19:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-29 19:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-29 19:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-29 19:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-29 19:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-29 19:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-29 19:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-29 19:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-29 19:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-29 19:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-29 19:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-29 19:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-29 19:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-29 19:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-29 19:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-29 19:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-29 19:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-29 19:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-29 19:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-29 19:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-29 19:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-29 19:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-29 19:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-29 19:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-29 19:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-29 19:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-29 19:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-29 19:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-29 19:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-29 19:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-29 19:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-29 19:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-29 19:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-29 19:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-29 19:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-29 19:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-29 19:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-29 19:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-29 19:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-29 19:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-29 19:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-29 19:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-29 19:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-29 19:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-29 19:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-29 19:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-29 19:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-29 19:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-29 19:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-29 19:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-29 19:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-29 19:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-29 19:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-29 19:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-29 19:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-29 19:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-29 19:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-29 19:10 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-29 19:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-29 19:09 - 2015-01-29 19:11 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-29 19:09 - 2015-01-29 19:10 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-01-29 19:09 - 2015-01-29 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renegade X
2015-01-29 19:05 - 2015-01-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2015-01-28 15:58 - 2015-01-28 15:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 13:47 - 2015-01-25 13:47 - 00000000 ____D () C:\Users\Michael *****\AppData\Local\Launcher
2015-01-25 13:46 - 2015-01-25 13:46 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake Live.lnk
2015-01-25 13:46 - 2015-01-25 13:46 - 00000000 ____D () C:\Program Files (x86)\Quake Live
2015-01-25 11:16 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 11:16 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-25 11:16 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-25 11:16 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-25 11:16 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-25 11:16 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-25 11:16 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-25 11:16 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 11:16 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-24 15:16 - 2015-01-24 15:16 - 00000000 ____D () C:\Users\Michael *****\AppData\Local\id Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 10:55 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 10:55 - 2014-03-18 10:25 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 10:55 - 2014-03-18 10:25 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 10:51 - 2014-10-08 14:22 - 00005208 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MICHAEL-LAPTOP-Michael ***** Michael-Laptop
2015-02-23 10:51 - 2014-06-04 21:45 - 01130845 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 10:50 - 2014-07-14 16:56 - 00000000 ___RD () C:\Users\Michael *****\Dropbox
2015-02-23 10:50 - 2014-07-14 16:54 - 00000000 ____D () C:\Users\Michael *****\AppData\Roaming\Dropbox
2015-02-23 10:50 - 2014-06-09 12:21 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 10:49 - 2014-06-15 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-23 10:49 - 2014-03-18 02:51 - 00067182 _____ () C:\Windows\PFRO.log
2015-02-23 10:49 - 2013-08-22 15:46 - 00055358 _____ () C:\Windows\setupact.log
2015-02-23 10:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 10:49 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-23 10:48 - 2014-06-04 21:53 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-302807095-1748037827-381501272-1001
2015-02-23 10:47 - 2014-06-09 12:21 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 10:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\schemas
2015-02-23 10:41 - 2014-06-08 13:24 - 00000000 ____D () C:\temp
2015-02-23 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 19:13 - 2013-08-22 15:44 - 00481968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-22 18:40 - 2014-06-04 21:47 - 00000000 ____D () C:\Users\Michael *****
2015-02-22 15:41 - 2014-06-04 21:48 - 00000000 ____D () C:\Users\Michael *****\AppData\Local\Packages
2015-02-21 10:57 - 2014-08-27 22:31 - 00000000 ____D () C:\Users\Michael *****\AppData\Local\Adobe
2015-02-20 21:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-19 16:24 - 2014-06-29 16:23 - 00774656 ___SH () C:\Users\Michael *****\Desktop\Thumbs.db
2015-02-19 12:47 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-19 12:15 - 2014-06-26 21:12 - 00000000 ___RD () C:\Users\Michael *****\OneDrive (2).old
2015-02-18 09:13 - 2014-06-06 17:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-18 09:12 - 2014-06-06 17:08 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-16 11:14 - 2014-06-05 23:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-16 11:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-14 18:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 18:01 - 2014-07-14 16:55 - 00000000 ____D () C:\Users\Michael *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-14 17:42 - 2014-06-09 12:21 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 17:42 - 2014-06-09 12:21 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-14 17:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-06 11:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 19:11 - 2014-07-13 14:30 - 00047459 _____ () C:\Windows\DirectX.log
2015-01-29 19:05 - 2014-06-20 08:12 - 00007600 _____ () C:\Users\Michael *****\AppData\Local\Resmon.ResmonCfg
2015-01-29 15:37 - 2014-06-05 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 22:08 - 2014-07-31 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-24 22:08 - 2014-06-09 11:52 - 00000000 ____D () C:\Users\Michael *****\AppData\Roaming\vlc
2015-01-24 22:08 - 2014-03-18 10:40 - 00000000 ____D () C:\Windows\ShellNew
2015-01-24 22:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-01-24 22:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\WinMetadata
2015-01-24 22:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\WinMetadata
2015-01-24 22:08 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\servicing
2015-01-24 22:07 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2015-01-24 22:07 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-24 21:38 - 2015-01-21 17:44 - 00000112 _____ () C:\ProgramData\X4202fyO.dat
==================== Files in the root of some directories =======
2014-07-19 14:37 - 2014-06-20 12:28 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe
2014-11-06 20:37 - 2014-11-06 23:27 - 0013026 _____ () C:\Users\Michael *****\AppData\Roaming\Durch Trennzeichen getrennte Werte.CAL
2014-06-20 08:12 - 2015-01-29 19:05 - 0007600 _____ () C:\Users\Michael *****\AppData\Local\Resmon.ResmonCfg
2015-01-21 17:44 - 2015-01-24 21:38 - 0000112 _____ () C:\ProgramData\X4202fyO.dat
Files to move or delete:
====================
C:\ProgramData\X4202fyO.dat
Some content of TEMP:
====================
C:\Users\Michael *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg34gie.dll
C:\Users\Michael *****\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael *****\AppData\Local\Temp\SIInvoker.exe
C:\Users\Michael *****\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-20 21:38
==================== End Of Log ============================ --- --- ---
Vielen Dank für die Hilfe. |